x/vulndb: potential Go vuln in github.com/kiali/kiali: GHSA-465w-gg5p-85c9 #626

julieqiu · 2022-08-01T18:17:37Z

In GitHub Security Advisory GHSA-465w-gg5p-85c9, there is a vulnerability in the following Go packages or modules:

Unit	Fixed	Vulnerable Ranges
github.com/kiali/kiali	1.15.1	>= 0.4.0, < 1.15.1

See doc/triage.md for instructions on how to triage this report.

packages:
  - package: github.com/kiali/kiali
    versions:
      - introduced: 0.4.0
        fixed: 1.15.1
description: An insufficient JWT validation vulnerability was found in Kiali versions
    0.4.0 to 1.15.0 and was fixed in Kiali version 1.15.1, wherein a remote attacker
    could abuse this flaw by stealing a valid JWT cookie and using that to spoof a
    user session, possibly gaining privileges to view and alter the Istio configuration.
published: 2021-05-18T21:09:01Z
last_modified: 2021-05-18T21:09:01Z
cves:
  - CVE-2020-1762
ghsas:
  - GHSA-465w-gg5p-85c9
links:
    context:
      - https://github.com/advisories/GHSA-465w-gg5p-85c9

The text was updated successfully, but these errors were encountered:

rolandshoemaker · 2022-08-03T18:15:11Z

Vuln in tool.

gopherbot · 2024-06-14T19:54:57Z

Change https://go.dev/cl/592770 mentions this issue: data/reports: unexclude 50 reports

gopherbot · 2024-08-20T19:37:46Z

Change https://go.dev/cl/607222 mentions this issue: data/reports: unexclude 20 reports (20)

- data/reports/GO-2022-0609.yaml - data/reports/GO-2022-0611.yaml - data/reports/GO-2022-0612.yaml - data/reports/GO-2022-0615.yaml - data/reports/GO-2022-0616.yaml - data/reports/GO-2022-0617.yaml - data/reports/GO-2022-0618.yaml - data/reports/GO-2022-0620.yaml - data/reports/GO-2022-0622.yaml - data/reports/GO-2022-0623.yaml - data/reports/GO-2022-0625.yaml - data/reports/GO-2022-0626.yaml - data/reports/GO-2022-0630.yaml - data/reports/GO-2022-0631.yaml - data/reports/GO-2022-0632.yaml - data/reports/GO-2022-0634.yaml - data/reports/GO-2022-0636.yaml - data/reports/GO-2022-0638.yaml - data/reports/GO-2022-0640.yaml - data/reports/GO-2022-0641.yaml Updates #609 Updates #611 Updates #612 Updates #615 Updates #616 Updates #617 Updates #618 Updates #620 Updates #622 Updates #623 Updates #625 Updates #626 Updates #630 Updates #631 Updates #632 Updates #634 Updates #636 Updates #638 Updates #640 Updates #641 Change-Id: I9fc909832a7e4eb1d23e5eee482674e307e3ee5c Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/607222 Reviewed-by: Damien Neil <dneil@google.com> Auto-Submit: Tatiana Bradley <tatianabradley@google.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>

julieqiu assigned rolandshoemaker Aug 3, 2022

rolandshoemaker added the NotGoVuln label Aug 3, 2022

rolandshoemaker closed this as completed Aug 3, 2022

neild added excluded: EFFECTIVELY_PRIVATE This vulnerability exists in a package can be imported, but isn't meant to be outside that module. and removed NotGoVuln labels Aug 10, 2022

GoVulnBot mentioned this issue Sep 25, 2023

x/vulndb: potential Go vuln in github.com/kiali/kiali: GHSA-6f4m-j56w-55c3 #2075

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

x/vulndb: potential Go vuln in github.com/kiali/kiali: GHSA-465w-gg5p-85c9 #626

x/vulndb: potential Go vuln in github.com/kiali/kiali: GHSA-465w-gg5p-85c9 #626

julieqiu commented Aug 1, 2022

rolandshoemaker commented Aug 3, 2022

gopherbot commented Jun 14, 2024

gopherbot commented Aug 20, 2024

x/vulndb: potential Go vuln in github.com/kiali/kiali: GHSA-465w-gg5p-85c9 #626

x/vulndb: potential Go vuln in github.com/kiali/kiali: GHSA-465w-gg5p-85c9 #626

Comments

julieqiu commented Aug 1, 2022

rolandshoemaker commented Aug 3, 2022

gopherbot commented Jun 14, 2024

gopherbot commented Aug 20, 2024